Mobile security threat - awareness

Billy Austin


We live in a world of branch offices, remote workers, BYOD, and transient and mobile users. Today’s wide array of smartphones, tablets and devices of many shapes and sizes access our networks and data. These unpatched and misconfigured devices, storing unencrypted data such as credit card and social security numbers, provide a feeding ground for hungry hackers. Adding to the problem is the adoption of cloud syncing and sharing between computing and mobility (iCloud, Google Drive and Dropbox), where confidential PII data is both at rest on your office desktop and now in your pocket.

The Verizon 2013 Data Breach Investigation Report puts it simply – “Attacks are inevitable. Companies should devote more time and effort to detection and remediation.” For a southern translation, Ross Perot knows best, ‘In plain Texas talk, people, it’s do the right thing,’ scan it and fix it!

With the global population over 7 billion and continuous adoption of mobility, it would be great to see Verizon’s next DBIR incorporate data breach mobility metrics. Now that PCI DSS 3.0 is public and the death of Windows XP nears, we are seeing small businesses flock to mobility for credit card processing. Although testing procedures are lacking, customers should not interpret this as a means of escaping compliance, but rather as an opportunity to assess for both vulnerabilities and unprotected data as mobile threats continue to evolve.

We are in a unique position to analyze mobile threats and cardholder data at risk.

Bad News - Mobile analysis by the numbers:
- 1 out of 20 devices is lost or stolen
- 1 out of 12 devices stores credit card data in Contacts, SMS or synced documents
- 57% of smartphones scanned in October had no onscreen password
- 98% of Androids scanned in 2013 had at least a vulnerable Browser and/or Adobe app
- More than half of Android & Apple iOS devices had at least 1 vulnerable browser

Good News - RECOMMENDATIONS – Assessing for mobile threats and unprotected data

Mobile devices contain more sensitive information than you might expect. Assessing your network by entering IP addresses is no longer viable when mobility and BYOD are in play. The goal of any organization should be 100% visibility of its security or compliance posture for both mobility and computing, regardless of where the devices are located.

IT needs the ability to know:
- How vulnerable is my Corporate and BYOD mobile world?
- What unprotected confidential data resides on my devices?

Over the past year, we have been educating customers that these questions can be answered simply and quickly.

Last week we announced the availability of our free mobile security scanner for both Apple iOS and Android, which lets users scan for vulnerabilities.
Mobile Security Scanner


Vulnerabilities – Applications and Operating Systems
- Scan mobile devices for both application and operating system vulnerabilities
- Review vulnerable results, and then apply appropriate updates

The registered version unlocks the additional scanning of Confidential data, Configurations and an optional MDM feature for the remote administration of: Scan, Lock, Locate and Wipe.

Confidential Data
- Scan mobile devices to identify if cardholder and other confidential data are at risk
- Analyze unprotected data discovered, and then delete or encrypt the data

Configurations
- Scan mobile devices to ensure proper configurations are in place
- Ensure your device settings are enabled/disabled per your mobile security policy

Curious if your mobile device is vulnerable? Find out with iScan Online's free mobile scan from Apple iTunes or Google Play. Interested in scanning multiple mobile and computing devices for vulnerabilities and unprotected credit card data? Visit MAX Risk Intelligence for a free trial.